In the infancy of any technology, there are going to be teachable moments. Prehistoric man’s mastery of fire didn’t come without a few scorched fingers and the occasional multi-acre conflagration. As a species, our taming of fire and combustion enabled innovations in everything from cooking to metallurgy to transportation, to an array of other endeavors. Those innovations, however, required a continuous process for humans to learn and establish capabilities to control fire, to use it appropriately, and to make it work for humanity’s benefit.
What the discovery of fire meant to ancient humankind, the Internet is to our modern world: a reshaping force that has reconfigured the ways in which we interact and innovate. And—like our forebears—we are still singeing our hands a bit as we learn to operate appropriately in our evolving digital society. No matter whether we are enterprises or individuals, we must continue to develop and mature our capabilities to embrace and cope with new technologies and the resulting data that offer so much positive potential.
Data is not the new “oil” anymore. Data is the new “air.” It has become more than economic fuel; it is a catalyst of innovation, of disruption, and of possibilities. However, it’s never a guarantee that all innovations, disruptions and possibilities will be positive ones. Creating fire was one of early humanity’s greatest accomplishments. It also made arson possible. We still need to learn how to harness data and the Internet for positive benefit—as well as to manage and mitigate its risks. In the data we generate, just as there is great value, there also is great risk. We need to understand both and plot our digital pathways accordingly.
Facebook CEO Mark Zuckerberg’s recent moments on Capitol Hill made our need to digitally evolve even more stark. His testimony made the spotlight already focused on data and privacy even brighter. If nothing else was accomplished by his interactions with Congress, he has surfaced important and thought-provoking issues worthy of continued discussion—discussion that needs the active participation of policymakers, regulators, industry executives, academic leaders and individual citizens concerned about the use of their personal data.
Zuckerberg’s appearance in Washington, DC came in the aftermath of a data scandal involving a UK-based political data firm that improperly accessed data of millions of Facebook users. Pointing a finger at Facebook and asking, “How did this happen?” may feel cathartic, but it misses the larger point. This happened because the digital world in which we are now living continues to evolve faster than we have developed internationally accepted standards. This happened because, absent such standards, evolution within the global regulatory and public policy realm has been unable to keep pace with the rapid advancement of technology.
During his testimony, Zuckerberg admitted mistakes, accepted responsibility, and promised to do better—and then was grilled about many of those mistakes and the path forward. While Facebook has pledged expanded efforts to protect its users’ data, including giving users a better understanding of which apps can access their data and providing developers less access to data without users’ expressed consent, the revised approach going forward should not be Facebook’s responsibility alone. We, as individuals, have to accept some responsibility, too. In an odd sort of way, people have become data-driven companies in their own right. We must be proactive in the protection of our personal information, profiles, data and privacy rights.
The urgent need for sound data protection has reached new heights globally thanks to the arrival of the long-anticipated General Data Protection Regulation (GDPR), which is now in effect. ISACA research conducted in the weeks leading up to the deadline shows that prioritizing GDPR compliance among other business priorities is among the leading challenges that organizations face. While balancing enterprise priorities amid a disruptive and fast-evolving technology landscape is no easy task, protecting customers’ personal information – whether mandated by GDPR or otherwise – must be a priority, and therefore not relegated to being treated as a secondary consideration.
Data is the new air, and leveraging its positive potential is essential to catalyze innovation, progress, and to create new value. To inspire assurance and confidence that the appropriate data protection efforts are in place, implementation of more rigorous and robust information/data governance is not an option; it has become a must. We may also need consensus-based standards to shape the right governance environment, ultimately making it easier to comply with any new policies and regulations that will come forward in the future. Without these conditions in place and lacking a collective commitment to collaboration, breathing this new air will become far more difficult.
Editor’s note: This article originally appeared in CSO.
Matt Loeb, CGEIT, CAE, FASAE, Chief Executive Officer, ISACA
[ISACA Now Blog]